Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 1a5b6a47 authored by rickyniu's avatar rickyniu Committed by Michael Bestas
Browse files

ANDROID: usb: gadget: f_mtp: Return error if count is negative 



If the user passes in a negative file size in a int64,
this will compare to be smaller than buffer length,
and it will get truncated to form a read length that
is larger than the buffer length.

To fix, return -EINVAL if the count argument is negative,
so the loop will never happen.

Bug: 37429972
Bug: 161328074
(cherry-picked from commit 6ba119257516c87a577993487c0b5aaa1ab0c0a1)
Signed-off-by: default avatarrickyniu <rickyniu@google.com>
Change-Id: I8f055b0186931f1ebd222bc17bbfd96a7aedd459
parent 4ca330d4
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment